SaaS Security
Onboard a Sumo Logic App to SSPM
Table of Contents
Expand All
|
Collapse All
SaaS Security Docs
Onboard a Sumo Logic App to SSPM
Onboard a Sumo Logic app to SSPM to detect posture risks.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Sumo Logic instance, you must onboard your
Sumo Logic instance to SSPM. Through the onboarding process, SSPM connects to a Sumo
Logic API by using an access key that you generate as the Sumo Logic account owner.
After connecting to the Sumo Logic API, SSPM scans your Sumo Logic instance for
misconfigured settings and account risks.
The supported Sumo Logic account plan for SSPM scans is the Enterprise plan.
To access your Sumo Logic instance, SSPM requires the following information, which
you will specify during the onboarding process.
Item | Description |
---|---|
Admin Access ID
|
One of the programmatic credentials that SSPM will use to access
the Sumo Logic API, analogous to a user ID. It's a unique
alphanumeric string that identifies the access key pair.
|
Admin Access Key
|
One of the programmatic credentials that SSPM will use to access
the Sumo Logic API, analogous to a password. Sumo Logic uses it
to authenticate API requests from SSPM.
|
Endpoint region
| The region where Sumo Logic is hosting your data. |
To onboard your Sumo Logic instance, you complete the following actions:
- Generate a Sumo Logic access key and copy its credentials.
- Identify the Sumo Logic account that you will use to generate the access key.Required Permissions: You must generate the access key from the account that is designated the Sumo Logic account owner. This is either the user who registered the account, or was later designated the account owner.Log in to Sumo Logic as the account owner.Navigate to your Sumo Logic preferences.To navigate to your preferences, locate your profile icon in the upper-right corner of the Sumo Logic page, and select <profile-icon> Preferences.Select the Personal Access Keys tab and Add Access Key.In the Add New Access Key window, specify a name for your access key. This name will appear in the list of your personal access keys, so give it a meaningful name, such as SSPM Integration.Under Scopes, select the Custom option.By default, the access key will inherit the permissions of the user who creates it. Because we are creating the key as the Account Owner, who has the highest level of administrative privileges, you should explicitly limit the access key's permissions to the minimum permissions that SSPM requires. Specify the following custom scopes:
- Access Keys - View
- Access Keys - Manage
- Users And Roles - View
- Users And Roles - Manage
- Content admin
- Manage Library
- Run Log Search - View/Manage
- View Collectors
- View Security Settings
- View Account Status
Save your key.Sumo Logic generates the key and displays its credentials (Access ID and Access Key).Copy the Access ID and Access Key and paste them into a text file.Don’t continue to the next step unless you have copied the Access ID and Access Key. You will provide this information to SSPM during the onboarding process.Identify your Sumo Logic endpoint region.Use the following table to determine your region based on your login URL.URL Region api.au.sumologic.com AU (Australia)api.ca.sumologic.com CA (Canada)service.de.sumologic.com DE Germanyservice.eu.sumologic.com EU (European Union)service.fed.sumologic.com FED (US Government)service.in.sumologic.com IN (India)service.jp.sumologic.com JP (Japan)service.sumologic.com US1 (United States)service.us2.sumologic.com US2 (United States)Connect SSPM to your Sumo Logic instance.In SSPM, complete the following steps to enable SSPM to connect to your Sumo Logic instance.- Log in to Strata Cloud Manager.Select ManageConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Sumo Logic tile.On the Posture Security tab, Add New instance.Log in with Credentials.Enter the credentials for your access key (Access ID and Access Key) and the endpoint region.Connect.